While the memory card concept has been in existence since the early 1970's, the first automated chip card was not invented until the 1980's. In 1983, a French inventor created the first known automated chip card (smart card). The earliest mass use of the smart card was for facilitating payment for use of French pay phones. The second known use of smart card technology occurred nearly a decade later with a French payment card, which facilitated PIN-less payment transactions at toll roads. Soon thereafter, smart cards became widely implemented in markets having a need for highly secure portable tokens capable of facilitating financial transactions.
As used herein, a portable token includes security information for authenticating and identifying a user, the user's groups, and the user's privileges. Smart cards, chip cards, or Integrated Circuit Cards (ICC) often comprise credit card sized instruments with embedded integrated circuits configured to process data. In general, a smart card receives input, which is processed by way of ICC applications and then delivered as an output. There are two broad categories of ICCs. Memory cards include only non-volatile memory storage components and perhaps some specific security logic, while microprocessor cards include volatile memory and microprocessor components for performing more complex tasks.
As the smart card was gaining traction in the financial services market, the first Subscriber Identity Module (SIM) card was produced by a Munich smart card manufacturer. A Finnish wireless network carrier was the first to implement the SIM card to allow mobile devices to access and operate within the operator's network. Other network carriers followed soon thereafter, utilizing SIM cards to connect mobile devices to their cellular networks and provide subscribers with universally available services such as call roaming.
As used herein, a network carrier comprises, for example, a Global System for Mobile Communications (GSM) carrier. GSM is presently the most popular standard for mobile telephony systems in the world. GSM comprises ubiquitous standards that enable international roaming arrangements between mobile network operators, allowing subscribers to utilize their mobile devices in many parts of the world to facilitate voice calls, receive electronic mail, send SMS messages, access the Internet, and the like. Specifically, GSM is a cellular network, which means that mobile devices connect to it by searching for cells in the immediate vicinity.
As used herein, SIM cards store network-specific information used to authenticate and identify subscribers on a network. The most important of these are the ICC-ID, IMSI, Authentication Key (Ki), Local Area Identity (LAI), and Operator-Specific Emergency Number. SIM cards also store other carrier specific information such as, for example, the SMSC (Short Message Service Center) number, Service Provider Name (SPN), Service Dialing Numbers (SDN), Advice-Of-Charge parameters, and Value Added Service (VAS) applications.
Common Access Cards (CAC) and Personal Identity Verification (PIV) are personal token standards, which have been implemented by various governmental and commercial entities. CAC and PIV cards (personal token cards) are smart cards with very specialized functionality directed toward identity verification and access control. Personal token cards are designed to control access to computer networks, enable users to sign documents electronically, encrypt email messages, and enter controlled facilities. For example, CAC is issued to all active duty military, Reserves, National Guard, and Department of Defense (DoD) civilians who need access to DoD facilities or DoD computer network systems.
As used herein, personal token cards operate under electrical and mechanical principles similar to those of SIM cards; however, provide a distinct set of features. Personal token cards are configured to facilitate a variety of cryptographic functions including, for example, confidentiality, non-repudiation, tamper proofing, identity validation, and etc. Specifically, a personal token card is a hard-token personal authentication device that reliably protects a user's information and provides strong cryptographic operations. Unlike a GSM SIM, which is based on proprietary, vendor specific software; personal token cards are based on the Java Card specification. The Java Card specification is a subset of the Java programming language specifically targeted at embedded devices.
To summarize, SIM cards provide GSM features to facilitate network connectivity in accordance with defined connectivity protocols, while personal token cards such as CAC and PIV cards, provide personal identity verification and access control. Combined, the features of a SIM card and personal token card facilitate secure and reliable exchange of data over a specific established network. Conventional systems and methods utilizing the described technologies require a communication device (i.e., a cellular phone) to be configured to physically receive both types of cards. One drawback to this conventional card architecture is that mobile devices having features requiring a separate personal token card also require a separate reader device for extracting data from the personal token card for token validation. As such, a need exists for a single device that is configured with both network protocol and personal token features such as those provided by CAC and PIV cards.
Increasing consumer demands for alternative payment options combined with a desire by merchants to accept electronic payments with limited restrictions have led to a number of innovations directed toward mobile payments. Likewise, hardware and software developers have sought to expand the functionality of mobile devices to close gaps between buyers and sellers. These efforts produced newer generations of data compression and wireless networking protocols, enabling existing radio-based networks to efficiently move large amounts of data. While tremendous advancements have been made in this regard, questions remain as to how to most effectively protect the integrity of sensitive data as it traverses data networks.
Consumers and merchants have benefited from the convenience of electronic commerce on a larger scale; however, the full promise of mobile payment has not been realized due to remaining deficiencies in the ability to secure sensitive information. Islands of technology remain, which have not been bridged by secure, reliable, and efficient communication architectures. In other words, the ability to create and consume meaningful data at a mobile device has outpaced the ability to securely move that data from point to point over a network.
As such, there is a need for an alternative payment processing system, wherein merchants can utilize their preferred devices and network carriers without being required to purchase additional software and/or hardware. Moreover, a need exists for a system and device configured to protect sensitive information from being compromised as it moves between various points on a network. Specifically, the system should provide merchants with a simple and reliable method to accept and process transaction instruments remotely without compromising security standards. Specifically, the system and device should provide increased data security, improved efficiency, reduced operating costs, and enhanced customer experience.